PART I Critical Vulnerabilities
Part I for this issue has been compiled by Josh Bronson at TippingPoint,
a division of HP, as a by-product of that company's continuous effort
to ensure that its intrusion prevention products effectively block
exploits using known vulnerabilities. TippingPoint's analysis is
complemented by input from a council of security managers from twelve
large organizations who confidentially share with SANS the specific
actions they have taken to protect their systems. A detailed description
of the process may be found at http://www.sans.org/newsletters/risk/#process

Description: Rockwell Automation has released a patch addressing an
unspecified memory corruption vulnerability in its FactoryTalk
Diagnostics Viewer. FactoryTalk is Rockwell's suite of software products
for industrial settings, designed to facilitate communication between an
enterprise and its manufacturing processes. FactoryTalk Diagnostics logs
and makes available
activity, status, warning, and error messages. Details are not publicly
available for this vulnerability, but the attack vector is known. By
enticing a target to open a malicious ".ftd" file, an attacker can
exploit this vulnerability in order to execute arbitrary code on the
target's machine.

This list is compiled by Qualys ( www.qualys.com ) as part of that
company's ongoing effort to ensure its vulnerability management web
service tests for all known vulnerabilities that can be scanned. As of
this week Qualys scans for 11938 unique vulnerabilities. For this
special SANS community listing, Qualys also includes vulnerabilities
that cannot be scanned remotely.
______________________________________________________________________

11.32.1 CVE: Not Available
Platform: Third Party Windows Apps
Title: Ipswitch WhatsUp Gold SNMP Response Denial Of Service
Description: Ipswitch WhatsUp Gold is a network monitoring and
management solution. Ipswitch WhatsUp Gold is exposed to a denial of
service issue. Specifically, an attacker can crash the "Discovery
Service" by sending crafted SNMP responses during the discovery process.
Ipswitch WhatsUp Gold versions prior to 14.4.1 are affected.
Ref: http://docs.ipswitch.com/NM/82_WhatsUp Gold v14.4/01_Release Notes/14.4.1/index.htm
______________________________________________________________________

11.32.2 CVE: Not Available
Platform: Third Party Windows Apps
Title: ICQ "MUIMessage.dll" File Transfer Denial of Service
Description: ICQ is an instant messaging client. ICQ is exposed to a
remote denial of service issue. This issue affects the "MUIMessage.dll"
file and arises when handling specially crafted files received through
the "File Transfer" functionality of the application. ICQ 7.5 is
vulnerable; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/48943/references
______________________________________________________________________

11.32.3 CVE: CVE-2011-2956
Platform: Third Party Windows Apps
Title: AzeoTech DAQFactory Denial of Service
Description: AzeoTech DAQFactory is a data acquisition and control
application. The application is exposed to a denial of service issue
because it fails to perform authentication for certain signals.
Versions prior to DAQFactory 5.85 are affected.
Ref: http://www.securityfocus.com/bid/48955/discuss
______________________________________________________________________

11.32.4 CVE: CVE-2011-2957
Platform: Third Party Windows Apps
Title: Rockwell Automation FactoryTalk Diagnostics Viewer ".ftd" File
Remote Code Execution
Description: FactoryTalk Diagnostics Viewer is a part of FactoryTalk
Services Platform that provides diagnosis solutions to the products on
the platform. The application is exposed to a remote code execution
issue. This issue occurs because of an unspecified memory corruption
issue which is triggered when processing a specially crafted
configuration (".ftd") file. Versions prior to FactoryTalk
Diagnostics Viewer 2.30.00 are affected.
Ref: http://www.securityfocus.com/bid/48962/references
______________________________________________________________________

11.32.6 CVE: Not Available
Platform: Unix
Title: SCO UnixWare License Policy Manager Daemon "sco_pmd"
Unspecified Denial of Service
Description: UnixWare is a UNIX operating system maintained by SCO
Group. UnixWare is exposed to a denial of service issue caused
by an unspecified error in the License Policy Manager Daemon
"sco_pmd". UnixWare 7.1.4 is vulnerable and other versions may also be
affected.
Ref: ftp://ftp.sco.com/pub/unixware7/714/security/p535239a_uw7/p535239a_uw7.txt
______________________________________________________________________

11.32.11 CVE: CVE-2011-2524
Platform: Cross Platform
Title: Libsoup SoupServer Directory Traversal
Description: Libsoup is an HTTP client/server library for GNOME. The
application is exposed to a directory traversal issue because it fails
to sufficiently sanitize user-supplied input. The problem affects the
"SoupServer" component and can be exploited by sending a specially
crafted URI request containing directory traversal strings to the
affected server. libsoup 2.4 is vulnerable and other versions may also
be affected.
Ref: http://www.securityfocus.com/bid/48926/discuss
______________________________________________________________________

11.32.22 CVE: Not Available
Platform: Web Application
Title: MyWebServer dot Character Remote Script File Disclosure
Description: MyWebServer is a peer-to-peer web, file and application
server. The application is exposed to a file disclosure issue because
it fails to properly sanitize user-supplied input. Specifically, an
attacker can obtain the source code of a file by providing a dot "."
or " " character at the end of the filename in an HTTP request.
MyWebServer 1.0.3 is vulnerable; other versions may also be affected.
Ref: http://www.securityfocus.com/bid/48921/references
______________________________________________________________________

11.32.23 CVE: Not Available
Platform: Web Application
Title: CFTP Insecure Cookie Authentication Bypass Vulnerability
Description: CFTP is a web-based application implemented in PHP. The
application is exposed to an authentication bypass issue because it
fails to adequately verify user-supplied input used for cookie-based
authentication. Specifically, attackers can gain administrative access
to the application by setting the "access" cookie parameter to "admin"
and "userlevel" cookie parameter to "9". cFTP r80 is vulnerable; other
versions may also be affected.
Ref: http://www.securityfocus.com/bid/48931/discuss
______________________________________________________________________

11.32.24 CVE: Not Available
Platform: Web Application
Title: Group-Office Command Injection and SQL Injection
Vulnerabilities
Description: Group-Office is a PHP-based content manager. The
application is exposed to an SQL injection issue and a command
injection issue because it fails to properly sanitize user-supplied
input to unspecified parameters and scripts. Versions prior to
Group-Office 3.7.25 are affected.
Ref: http://www.securityfocus.com/bid/48941/references
______________________________________________________________________

11.32.25 CVE: Not Available
Platform: Web Application
Title: ZoneMinder "view" Parameter Local File Include Vulnerability
Description: ZoneMinder is a freely available application designed to
control and record video from security cameras. It contains a
web-based administrative application implemented in PHP. The
application is exposed to a local file include issue because it fails
to properly sanitize user-supplied input submitted to the "view"
parameter in the "web/index.php" script. Versions prior to ZoneMinder
1.24.4 are affected.
Ref: http://www.securityfocus.com/bid/48949/references
______________________________________________________________________

11.32.26 CVE: Not Available
Platform: Network Device
Title: Avaya Secure Access Link Gateway Invalid Domain Servers
Information Disclosure Vulnerability
Description: Avaya Secure Access Link is a gateway that provides
security solutions for remote access management. The application is
exposed to an information disclosure issue. Specifically, by default
the application incorrectly points the Secondary Core Server URL and
the Remote Server URL to "secavaya.com" and "secaxeda.com"
respectively; these domains are invalid. This can result in the
application sending sensitive information such as alarms or logs to
the email addresses of these invalid domain servers. Secure Access Link
1.5, 1.8, and 2.0 are affected.
Ref: http://support.avaya.com/css/P8/documents/100140483
______________________________________________________________________